samedi 6 juin 2020    || Inscription
BanniereAlertes
 
 

Notre sélection d'alertes et avis SSI.
Sources : US Cert, Cert EU, Cert FR, Cnil, VulDB.

lundi 4 mars 2019

Supportutils up to 3.1-5.7.0 Command Line privilege escalation

A vulnerability, which was classified as critical, was found in Supportutils up to 3.1-5.7.0. Affected is a function of the component Command Line. The manipulation with an unknown input leads to a privilege escalation vulnerability. CWE is classifying the issue as CWE-20. This is going to have an impact on confidentiality, integrity, and availability.

The weakness was disclosed 03/05/2019 as Bug 1117751 as bug report (Bugzilla). The advisory is available at bugzilla.suse.com. This vulnerability is traded as CVE-2018-19636 since 11/28/2018. Local access is required to approach this attack. A single authentication is required for exploitation. The technical details are unknown and an exploit is not available.

Upgrading to version 3.1-5.7.1 eliminates this vulnerability.

The entries 131323, 131324, 131325 and 131326 are pretty similar.

CPE

CVSSv3

VulDB Meta Base Score: 7.8
VulDB Meta Temp Score: 7.5

VulDB Base Score: 7.8
VulDB Temp Score: 7.5
VulDB Vector: 🔒
VulDB Reliability: 🔍

NVD Base Score: 7.8
NVD Vector: 🔒

CVSSv2

VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍

NVD Base Score: 🔒

Exploiting

Class: Privilege escalation (CWE-20)
Local: Yes
Remote: No

Availability: 🔒
Status: Not defined

Price Prediction: 🔍
Current Price Estimation: 🔒

Threat Intelligence

Threat: 🔍
Adversaries: 🔍
Geopolitics: 🔍
Economy: 🔍
Predictions: 🔍
Actions: 🔍

Countermeasures

Recommended: Upgrade
Status: 🔍
0-Day Time: 🔒

Upgrade: Supportutils 3.1-5.7.1

Timeline

11/28/2018 CVE assigned
03/05/2019 Advisory disclosed
03/06/2019 VulDB entry created
03/06/2019 VulDB last update

Sources

Advisory: Bug 1117751

CVE: CVE-2018-19636 (🔒)
See also: 🔒

Entry

Created: 03/06/2019 07:17 AM
Complete: 🔍

Lien vers l'article source

Auteur: VulDB

Catégories: VulDBNombre de vues: 137

x

Événements SSI